
Cannot browse WEB but can browse LAN

Posted: Tue Feb 26, 2019 4:37 pm
by Franchino
Greetings,
I set up an OpenVPN server on my DD-WRT flashed Netgear R8000 router. Using the OpenVPN Windows client, everything is working fine: I can connect to it, browse the (server) local LAN and navigate on the Internet. Using the iOS client, I am able to connect and browse the local net but cannot navigate on the Internet. Any idea why this is happening?

This is the client log content:

2019-02-22 23:13:17 Contacting [myserver]:myport/TCP via TCP
2019-02-22 23:13:17 EVENT: WAIT
2019-02-22 23:13:17 Connecting to [myserver]:myport (myserver) via TCPv4
2019-02-22 23:13:18 EVENT: CONNECTING
2019-02-22 23:13:18 Tunnel Options:V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2019-02-22 23:13:18 Creds: UsernameEmpty/PasswordEmpty
2019-02-22 23:13:18 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2019-02-22 23:13:18 VERIFY OK : depth=1
cert. version : 3
serial number : F4:0A:F1:71:71:8E:E3:B7
issuer name : C=, ST=, L=, O=, OU=, CN=, ??=, emailAddress=
subject name : C=, ST=, L=, O=, OU=, CN=, ??=, emailAddress=
issued on : 2019-02-06 07:30:30
expires on : 2029-02-03 07:30:30
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
2019-02-22 23:13:18 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=, ST=, L=, O=, OU=, CN=, ??=, emailAddress=
subject name : C=, ST=, L=, O=, OU=, CN=, ??=, emailAddress=
issued on : 2019-02-06 07:32:36
expires on : 2029-02-03 07:32:36
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-02-22 23:13:18 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-02-22 23:13:18 Session is ACTIVE
2019-02-22 23:13:18 EVENT: GET_CONFIG
2019-02-22 23:13:18 Sending PUSH_REQUEST to server...
2019-02-22 23:13:18 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [192.168.2.0] [255.255.255.0]
2 [dhcp-option] [DNS] [192.168.2.1]
3 [route-gateway] [192.168.50.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [socket-flags] [TCP_NODELAY]
8 [ifconfig] [192.168.50.3] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]
2019-02-22 23:13:18 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA512
compress: LZO_STUB
peer ID: 0
2019-02-22 23:13:18 EVENT: ASSIGN_IP
2019-02-22 23:13:18 NIP: preparing TUN network settings
2019-02-22 23:13:18 NIP: init TUN network settings with endpoint: myserver
2019-02-22 23:13:18 NIP: adding IPv4 address to network settings 192.168.50.3/255.255.255.0
2019-02-22 23:13:18 NIP: adding (included) IPv4 route 192.168.50.0/24
2019-02-22 23:13:18 NIP: adding (included) IPv4 route 192.168.2.0/24
2019-02-22 23:13:18 NIP: redirecting all IPv4 traffic to TUN interface
2019-02-22 23:13:18 NIP: adding DNS 192.168.2.1
2019-02-22 23:13:18 Connected via NetworkExtensionTUN
2019-02-22 23:13:18 LZO-ASYM init swap=0 asym=1
2019-02-22 23:13:18 Comp-stub init swap=0
2019-02-22 23:13:18 EVENT: CONNECTED myserver:myport (myserver) via /TCPv4 on NetworkExtensionTUN/192.168.50.3/ gw=[/]

and the client config:

client
dev tun
proto tcp-client
remote myserver myport
cipher AES-256-CBC
ca ca.crt
cert iphone.crt
key iphone.key
auth SHA512
remote-cert-tls server
comp-lzo
tls-auth tlsauth.key 1

The settings on the iOS and Windows clients are the same (except for the cert and key options, which are specific ofc).

Any help would be greatly appreciated.

Francesco